§ 17931. Application of security provisions and penalties to business associates of covered entities; annual guidance on security provisions
509 words·~2 min read·
/usc/title-42/section-17931A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
(a)Application of security provisions Sections 164.308, 164.310, 164.312, and 164.316 of title 45, Code of Federal Regulations, shall apply to a business associate of a covered entity in the same manner that such sections apply to the covered entity. The additional requirements of this title 1 that relate to security and that are made applicable with respect to covered entities shall also be applicable to such a business associate and shall be incorporated into the business associate agreement between the business associate and the covered entity.
(b)Application of civil and criminal penalties In the case of a business associate that violates any security provision specified in subsection (a), sections 1320d–5 and 1320d–6 of this title shall apply to the business associate with respect to such violation in the same manner such sections apply to a covered entity that violates such security provision.
(c)Annual guidance For the first year beginning after February 17, 2009, and annually thereafter, the Secretary of Health and Human Services shall, after consultation with stakeholders, annually issue guidance on the most effective and appropriate technical safeguards for use in carrying out the sections referred to in subsection
(a)and the security standards in subpart C of part 164 of title 45, Code of Federal Regulations, including the use of standards developed under section 300jj–12(b)(2)(B)(vi) 1 of this title, as added by section 13101 of this Act, as such provisions are in effect as of the date before February 17, 2009.
(Pub. L. 111–5, div. A, title XIII, § 13401, Feb. 17, 2009, 123 Stat. 260.)
Connections84 cite this · traces to 3
Cited by 84 sections · top 57
U.S. Code
- § 201Definitions
- § 17932Notification in the case of breach
- § 17935Restrictions on certain disclosures and sales of health information; accounting of certain protected health information disclosures; access to certain information in electronic format
- § 17937Temporary breach notification requirement for vendors of personal health records and other non-HIPAA covered entities
- § 17934Application of privacy provisions and penalties to business associates of covered entities
- § 17939Improved enforcement
- § 17940Audits
- § 17938Business associate contracts required for certain entities
- § 17936Conditions on certain contacts as part of health care operations
- § 17933Education on health information privacy
statutes-at-large
- Public Law 111–5Making supplemental appropriations for job preservation and creation, infrastructure investment, energy efficiency and science, assistance to the unemployed, and State and local fiscal stabilization, for the fiscal year ending September 30, 2009, and for other purposes
- Public Law 116–321To amend the Health Information Technology for Economic and Clinical Health Act to require the Secretary of Health and Human Services to consider certain recognized security practices of covered entities and business associates when making certain determinations, and for other purposes
register
- Proposed RulesFinal rule
- Rules and RegulationsRequest for Information
- NoticesNotice of proposed rulemaking; notice of Tribal consultation
- Proposed RulesProposed rule
- NoticesProposed rule
- Rules and RegulationsNotice of a modified system of records
- Presidential DocumentsIntroduction to the Unified Agenda of Federal Regulatory and Deregulatory Actions
bill
- Sec. 201Purpose and applicability of data privacy and security program
- Sec. 2Requirements for information security
- Sec. 201Purpose and applicability of data privacy and security program
- Sec. 201Purpose and applicability of consumer privacy and data security program
- Sec. 211Notice to individuals
- Sec. 201Purpose and applicability of consumer privacy and data security program
- Sec. 211Notice to individuals
- Sec. 2Requirements for information security
- Sec. 201Purpose and applicability of consumer privacy and data security program
- Sec. 211Notice to individuals
- Sec. 201Purpose and applicability of consumer privacy and data security program
- Sec. 211Notice to individuals; protection
- Sec. 2Requirements for information security
- Sec. 2Recognition of security practices
- Sec. 502Recognition of security practices
- Sec. 502Recognition of security practices
- Sec. 110Limitations and applicability
- Sec. 1Recognition of security practices
- Sec. 1Recognition of security practices
- Sec. 1Recognition of security practices
- Sec. 6Information security standards
- Sec. 10Relation to other laws
- Sec. 204Protection of covered data
- Sec. 405Relationship between Federal and State law
- Sec. 6Information security standards
- Sec. 10Relation to other laws
- Sec. 203Protection of covered data
- Sec. 404Relationship between Federal and State law
- Sec. 6Information security standards
- Sec. 110Limitations and applicability
- Sec. 208Data security and protection of covered data
- Sec. 404Relationship to Federal and State laws
- Sec. 404Relationship to Federal and State laws
- Sec. 202Confidentiality of medical quality assurance records
- Sec. 202Confidentiality of medical quality assurance records
- Sec. 6Information security standards
- Sec. 103Increased civil penalties for failure to comply with security standards and requirements for health information
Traces to 3 documents
U.S. Code
public-private-law
8 references not yet in our index
- 1
- Pub. L. 111–5, div. A, title XIII, § 13401
- 123 Stat. 260
- Pub. L. 111–5
- 130 Stat. 1168
- section 13101 of div. A of Pub. L. 111–5
- Pub. L. 111–5, div. A, title XIII, § 13423
- 123 Stat. 276
Citation graph
cites case law
§ 17931
Application of security provisions and penalties to business associates of covered entities; annual guidance on security provisions
Bills×52
Fed. Reg.×17
U.S.C.×12
Stat.×2
Pub. L.×1
Cite1
Pub. L.Pub. L. 111–5, div. A, title XIII, § 13401
Stat.123 Stat. 260
Pub. L.Pub. L. 111–5
Stat.130 Stat. 1168
Cites 11 · showing 8Cited by 84 across 5 sources